ISO/IEC 27001 is the international standard for Information Security Management Systems (ISMS).
It is based largely upon the previously adopted BS 7799 used commonly since 1995 for managing information security.
ISO/IEC 27001 provides the framework for a technology neutral, vendor-neutral management system that enables an organisation to assure itself that its information security measures are effective. This includes the continued accessibility, confidentiality and integrity of its own information and that of its stakeholders as well as legal compliance.
Implementation of ISO 27001 is an ideal response to legal requirements and potential security threats such as:
- Vandalism / terrorism
- Viral attack
ISO/IEC 27001 is structured to be easily compatible with other management systems standards such as ISO 9001 and ISO 14001. Whilst there are some clause numbering differences, common elements include documentation, review and audit requirements, enabling an organisation to develop a largely integrated management system.
Whilst modern communication mediums mean that most ISMS systems are focused on ICT, ISO 27001 is equally applicable to other forms of information, such as paper records, images, and even conversations.
ISO/IEC 27001 is applicable to any organisation where the misuse, corruption, or loss of its business or customer information could result in major commercial prejudice.
TQV has registered organisations to ISO/IEC 27001 in sectors as diverse as storage and warehousing, secure destruction, telecommunications, advertising, financial outsourcing and software development.
- Customer satisfaction - by giving confidence that their personal information is protected and confidentiality upheld
- Business continuity - through management of risk, legal compliance and vigilance of future security issues and concerns
- Legal compliance - by understanding how statutory and regulatory requirements impact the organization and its customers
- mproved risk management - through a systematic framework for ensuring customer records, financial information and intellectual property are protected from loss, theft and damage
- Proven business credentials - through independent verification against recognized standards
- Ability to win more business - particularly where procurement specifications require certification as a condition to supply
TOV has a unique approach of certification which complies with the requirement for bodies providing audit and certification of management system.